Skip to main content
SANS Security Awareness

Utility nav

  • GDPR
  • Support
  • SANS.org
  • Contact
  • Request Demo

Main navigation

  • Products
    • Products Overview Column
      • Products

        Build and mature your security awareness program with comprehensive training for everyone in your organization.

        View Products
    • Security Training Solutions
      • EndUser Training

        Security Awareness training designed by experts.

      • Phishing Tools

        Tiered-template phishing simulation tool designed for all learners.

    • Products - Training Span
      • Engineer Training

        Train all learners involved with Industrial Control Systems. 

      • NERC CIP Training

        Relevant Critical Infrastructure Protection training meeting compliance. 

      • Developer Training

        Protect web applications with secure coding practices. 

      • Healthcare Training

        Train learners following HITECH and HIPAA standards. 

    • Events
      • Courses & Summits

        Gain key insights and practical information in security awareness program building from experts in the field with our Summits and training courses. 

      • Summit Recap

        Review top talks from the 2019 SANS Security Awareness Summit in San Diego.

  • Why SANS
  • About
    • About Overview Column
      • About

        SANS has been around as long as the Internet. Learn about our history, experts and events around the world.

        Read About SANS Awareness
    • About Column 1
      • Our Experts

        World-class experts covering every aspect of security awareness and defense.

    • About Column 2
      • History

        Read about the SANS Security Awareness legacy.  

    • About Column 3
      • News

        Check out what’s going on with SANS Security Awareness in the news.

  • Reports
  • SSAP Credential
  • Blog
  • Resources
    • Resources Overview Column
      • Resources

        Looking to build and mature your security awareness program? These resources will enable you with the topics and techniques to improve your learner’s awareness in security.

    • Resources Column 1
      • Blog

        Read from subject matter experts and guest authors about the latest going on in security awareness.

      • Security Awareness Planning Toolkit

        Resources to help you plan, develop and deploy an effective program.

    • Resources Column 2
      • Posters

        Developed by the community for the community. Download and share these awareness posters with your organization.

      • Video of the Month

        Our popular VOTM program allows you to get an inside look of security awareness training on relevant topics affecting our society today.

    • Resources Column 3
      • OUCH! Newsletter

        The world leading security awareness newsletter. Offered in multiple languages, created by a community of experts.

      • Webcasts

        Gain deep insights from subject matter experts on security awareness, program building, behavior change and more.

Mobile Menu

October 2016 • The Monthly Security Awareness Newsletter for Everyone

Four Steps to Staying Secure

As technology gains a more important role in our lives, it also grows in complexity. Given how quickly technology changes, keeping up with security advice can be confusing. It seems like there is always new guidance on what you should or should not be doing. However, while the details of how to stay secure may change over time, there are fundamental things you can always do to protect yourself. Regardless of what technology you are using or where you are using it, we recommend the following four key steps.

OUCH! Oct 2016 Four Steps to Staying Secure
By following these four key steps, you'll go a long way to protecting yourself while leveraging the latest technology.
  1. You: First and foremost, keep in mind that technology alone will never be able to fully protect you. Attackers have learned that the easiest way to bypass even the most advanced security technology is by attacking you. If they want your password, credit card, or personal data, the easiest thing for them to do is to trick you into giving them this information. For example, they can call you pretending to be Microsoft tech support and claim that your computer is infected, when in reality they are just cyber criminals that want you to give them access to your computer. Or perhaps they will send you an email explaining that your package could not be delivered and ask you to click on a link to confirm your mailing address, when in reality they are tricking you into visiting a malicious website that will hack into your computer. This is how attacks such as Ransomware or CEO Fraud start. Ultimately, the greatest defense against attackers is you. Be suspicious. By using common sense, you can spot and stop most attacks.
  2. Passwords: The next step to protecting yourself involves using a strong, unique password for each of your devices and online accounts. The key words here are strong and unique. A strong password means one that cannot be easily guessed by hackers or by their automated programs. Tired of complex passwords that are hard to remember and difficult to type? Try using a passphrase instead. Instead of a single word, use a series of words that is easy to remember, such as “Where is my coffee?” The longer your passphrase is, the stronger. A unique password means using a different password for each device and online account. This way, if one password is compromised, all of your other accounts and devices are still safe. Can’t remember all those strong, unique passwords? Don’t worry, neither can we. That is why we recommend you use a password manager, which is a specialized application for your smartphone or computer that securely stores all of your passwords in an encrypted format.

    Finally, one of the most important steps you can take to protect any account is enable two-step verification. Passwords alone are no longer enough to protect accounts; we all need something stronger. Two-step verification is much stronger. It uses your password, but also adds a second step, either something you are (biometrics) or something you have (such as a code sent to your smartphone or an app on your smartphone that generates the code for you). Enable this option on every account you can, including your password manager, if possible. Two- step verification is probably the single most important step you can take to protect yourself, and it’s much easier than you think.
  3. Updating: Make sure your computers, mobile devices, apps, and anything else connected to the Internet are running the latest software versions. Cyber criminals are constantly looking for new vulnerabilities in the software your devices use. When they discover vulnerabilities, they use special programs to exploit them and hack into the devices you are using. Meanwhile, the companies that created the software for these devices are hard at work fixing them by releasing updates. By ensuring your computers and mobile devices install these updates, you make it much harder for someone to hack you. To stay current, simply enable automatic updating whenever possible. This rule applies to almost any technology connected to a network, including Internet-connected TVs, baby monitors, home routers, gaming consoles, or perhaps even your car. If your operating systems or devices are old and no longer supported with security updates, we recommend you replace them with new ones that are.
  4. Backups: Sometimes, no matter how careful you are, you may be hacked. If that is the case, often your only option to ensure your computer or mobile device is free of malware is to fully wipe it and rebuild it from scratch. The attacker might even prevent you from accessing your personal files, photos, and other information stored on the hacked system. Often the only way to restore all of your personal information is from backup. Make sure you are doing regular backups of any important information and verify that you can restore from them. Most operating systems and mobile devices support automatic backups. In addition, we recommend you store your backups in either the Cloud or offline to protect them against cyber attackers.

License

OUCH! newsletter is under the Creative Commons license.  You are free to share / distribute it but may not sell or modify it.

In This Issue

You
Passwords
Updating
Backups

English
OUCH-201610_en.pdf
Arabic
OUCH-201610_aa.pdf
Bahasa Indonesia
OUCH-201610_ba.pdf
Chinese, Simplified
OUCH-201610_cc.pdf
Chinese, Traditional
OUCH-201610_cn.pdf
Danish
OUCH-201610_da.pdf
Dutch
OUCH-201610_nl.pdf
Farsi
OUCH-201610_fa.pdf
French
OUCH-201610_fr.pdf
German
OUCH-201610_de.pdf
Hebrew
OUCH-201610_he.pdf
Hungarian
OUCH-201610_hu.pdf
Italian
OUCH-201610_it.pdf
Japanese
OUCH-201610_jp.pdf
Korean
OUCH-201610_kr.pdf
Latvian
OUCH-201610_lv.pdf
Lithuanian
OUCH-201610_lt.pdf
Norwegian
OUCH-201610_no.pdf
Polish
OUCH-201610_po.pdf
Portuguese
OUCH-201610_pt.pdf
Romanian
OUCH-201610_ro.pdf
Russian
OUCH-201610_ru.pdf
Serbian
OUCH-201610_se.pdf
Spanish
OUCH-201610_sp.pdf
Turkish
OUCH-201610_tr.pdf
Urdu
OUCH-201610_ur.pdf

Subscribe to OUCH!, our Monthly Security Awareness Newsletter

Get monthly content to keep you up to date on the latest Security Awareness News and Tips.

The SANS Institute provides training related to cybersecurity and the safe use of technology within your organization. To provide this training, the SANS Institute captures and processes personal data and as such has been identified as a “controller” of your information.

The information provided to SANS Institute for training purposes may include name, email address, phone number(s), address, company, department, job function, industry, organizational memberships, and geographic region. The SANS Institute may also collect data about devices and software used to access the training and training systems; this data includes browser version, operating system version, IP addresses, access times, connection duration, and other browser analytics. As training is delivered, the SANS Institute processes and stores data associated with training assignments, completion, and scores on any learning activity that is delivered. SANS may also utilize third party processors to provide these services.

If your information is provided by your employer, this information is used as part of the initial or ongoing training cycle. The purpose for collecting this data is to allow the SANS Institute and your employer to assign, deliver, record and report on your cybersecurity training. Your information and training records will be shared only with you and your employer.

At any time you have the right to receive a copy of the personal data you have provided to us in an electronically readable format.

A data protection regime is in place to oversee the effective and secure transmission, processing, storage, and eventual disposal of your personal data, and data related to your training. The SANS Institute will retain your data until you request that it be removed, after which it will be securely disposed of. The SANS Institute will never sell your personally identifiable data and will only share your personally identifiable data with SANS cyber security solutions partners when you provide agreement to do so.

When you consent to us using your information for the purposes of sending you information on SANS products or services you are providing us with your consent to send you materials detailing our products and services that we consider will be of interest to you, based on your use of the educational material that we provide as resources. We profile you this way to make the materials more relevant to you. We will only send you information on products from within the SANS services portfolio.

If, at any point, you believe your personal information to be incorrect, you may request to see a copy of your data, ask to have the errant data corrected, or ask that it be securely disposed of. If your information is provided by your employer, the SANS Institute will work directly with your employer to promptly address the matter. If you wish to raise a complaint or concern, or have questions relating to GDPR, please contact the Data Protection Officer via gdprprivacy@sans.org.

SANS has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to the EU Data Protection Authorities (DPAs), or where applicable instead, to the Swiss Federal Data Protection and Information Commissioner. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the following web site for more information and to file a complaint with the EU DPAs: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm

You may, at any time, withdraw your consent; to do so, please contact gdprprivacy@sans.org.

The SANS Institute is a U.S. company founded in 1989 that specializes in information security and cybersecurity training. All information provided to SANS Institute will be transferred to and processed in the United States. The SANS Institute is committed to comply with the Privacy Shield Framework which has been found adequate by the European Commission to enable international data transfer under EU law. For more information, please see www.sans.org or contact gdprprivacy@sans.org.

SANS Security Awareness

301-654-SANS (7267)
Monday-Friday, 9am-8pm EST/EDT

Social

  • Facebook
  • Twitter
  • Linked In

Footer

  • Products
  • Why SANS
  • About
  • Reports
  • Resources

Footer utility

  • Support
  • SANS.org
  • Contact
  • VLE Help

Stay up-to-date on the latest security awareness news and tips. 

Subscribe to our monthly newsletter, OUCH!

Subscribe Now

Copyright Nav

  • ©2018 SANS™ Institute
  • Privacy Policy
  • Trademark Usage Policy
  • Credits